Data Risk Intelligence
Automated Data Mapping
Do Not Sell/Do Not Share
Cookie Banner Solutions
Consent & Preferences
Data Rights RequestsGoogle Plus Privacy Breach: Europe to Investigate; Senator Blumenthal Calls for FTC Investigation
Politicians and regulators are beginning to comment on the privacy leak at Google Plus that exposed the personal information of up to 500,000 users. The Wall Street Journal reported yesterday that the company feared the regulatory and publicity repercussions of disclosing the privacy breach, although Google’s blog post on the subject cited other reasons. Data protection regulators in Germany and Ireland are expected to seek additional information from Google, and other regulators (like the Federal Trade Commission) may follow.
In the United States:
Senator Richard Blumenthal (D-CT) called for a Federal Trade Commission (FTC) investigation of Google. He told reporters: “Google must explain its unwillingness to disclose this breach and the FTC must conduct a fulsome investigation. But to truly end this cycle of broken promises, we need a national privacy framework that protects consumers and empowers the FTC to hold companies accountable.
Google is currently operating under the terms of a 2011 consent order with the FTC. The FTC typically does not comment on active investigations about companies. However, it did confirm the FTC investigation into Facebook in March following the Cambridge Analytica scandal.
Senator Mark Warner (D-VA) questioned whether FTC enforcement is strong enough to protect consumers against misconduct by the major tech companies and signaled that it was time for Congress to act. The possibility of removing federal privacy enforcement from the scope of the duties of the FTC was also recently suggested by Rep. Nancy Pelosi (D-CA).
Representative Ro Khanna (D-CA) said that events like this justified the Internet Bill of Rights that he released last week. The ten principles contained in it included data privacy protections like data subject access rights and an opt-in right involving data collection and third-party data sharing.
A spokeswoman from the Republican controlled House Energy and Commerce Committee said that the committee is “currently reviewing the situation.”
In Europe:
Bloomberg is reporting that an investigation into Google’s conduct has begun in Germany. The data protection commissioner in Hamburg, Germany plans to ask Google for information. It is currently unclear whether anyone in Germany was impacted by the privacy breach, or if Google will be able to identify where the impacted individuals are located (given the statements in its blog post).
The Irish Data Protection Commission was not aware of the matter but told CNBC it plans to ask Google to provide more information about the glitch that compromised the personal data of Google+ users. Because the privacy breach happened before May, the General Data Protection Regulation (GDPR) would likely not govern it (although it is worth noting that the UK ICO has applied GDPR to a continuing violation in the past). If GDPR did apply, fines could reach as high as 4% of global annual revenue under Europe’s new privacy law.
EU GDPR
– GDPR Compliance
– Consent Management Software
– GDPR Data Mapping Software
– DSAR Portal
– GDPR Text
California Consumer Privacy Act
– CCPA Summary
– CCPA vs GDPR
– CCPA Privacy Software
– CCPA Webinar
Other Blog Posts on Privacy Breaches:
More Privacy Breaches in Healthcare from Provider Leaks than Hackers
New PIPEDA Rules for Data Breach Reporting in Canada
SEC Issues First Fine for Delayed Data Breach Disclosure to Yahoo Remnant
FTC Expands Uber Privacy Settlement Over 2016 Data Breach
